Architecture - J-Beast/framework GitHub Wiki
This page provides an overview of the high level architecture of the JBeast framework.
All modules of the framework are organized as separate Java projects built on top of the Spring framework:
- the Common module provides common utilities such as cloning a target repository to a folder or generating an AST for further code analysis. The module uses the JavaParser library for AST manipulation and further operations.
- the Repository API module is the entrypoint of the framework, exposing a common Git repository API that provides interaction with the core modules of the framework
- the JBeast Web module serves a React-based application using Thymeleaf that provides a web interface for convenient use of the framework
- the JBeast CLI module provides a simple command-line interface for interacting with the framework
- the Onboard module generates an onboarding guide for the target Git repository
- the Analyse module provides detailed analysis of the target Java repository codebase and suggests improvements, refactorings and bugfixes, including the possibility to create a relevant PR or set of PRs to address the suggestions
- the Optimize module provides code optimizations on the target repository, including the possibility to create a relevant PR or set of PRs to address the suggestions
- the Deploy module provides the possibility to deploy the target repository on a target Kubernetes cluster; it also provides instrumentation capabilities so that the performance of application flows can be measured
- the Measure module provides the possibility to measure the performance of a repository deployed with the framework
- the Malware module provides the possibility to generate backdoors and viruses in the codebase of a target repository
The Optimize, Deploy and Measure modules can be combined in a three-step process that allows for a fully automated assessment, from a runtime perspective, of the optimizations applied on the codebase compared to the original target repository. The framework is deployed as a single application.
The following diagram outlines the core model of the framework:
Repositories are logically separated into organizations. Each repository may have one or more scans (e.g. for vulnerabilities) and each scan has a particular type (such as VULNERABILITY or ONBOARDING) based on what the repository is actually being scanned for. Depending on the type of scan, a scan may produce code changes; this is the case for the Malware, Analyse and Optimize modules. A scan may also produce a guide generated from the code; this is the case for the Onboarding module, which is detailed under the RepositoryGuide model.
Repository API
The Repository API provides the entrypoint for interaction with the various modules of the framework and exposes a set of REST endpoints, in the form of Spring controllers, for interacting with the modules of the system.
Onboard module
The Onboard module generates an onboarding guide in JSON and PDF formats, which contains the following information:
- repository URL used for the scan;
- build tool(s) used to build the project with proper information about how to install and use it;
- list of libraries used by the project with short summary, brief intro and basic usage example;
- entrypoint(s) discovered in the repository;
- UML class and sequence diagrams of the repository, generated with PlantUML.
Some of the information in the guide, such as summaries, descriptions and code samples, is produced with the help of the ChatGPT LLM.
Deploy module
The Deploy module allows for the deployment of the target repository in a Kubernetes cluster and supports the following:
- detection and generation (if missing) of Kubernetes and Helm resources for the target repository prior to deployment;
- automatic deployment in either a local/remote Kubernetes cluster or on a managed Kubernetes service; the following are supported: DigitalOcean, RedHat OpenShift, Google GKE, Amazon Elastic Kubernetes Service and Azure Kubernetes.
Malware module
The Malware module searches for potential spots in the source code where it can inject malware in different variants. The various types of malware being generated can be applied directly or provided as a PR for the repository.
Analyse module
The Analyse module analyses the repository codebase and provides information about potential improvements that can be made. In contrast to the other modules, this one searches for code smells and for parts of the code and of the general repository structure that can be improved. Unlike modules such as Malware and Optimize, it does not generate direct changes to the source code that are either applied directly or provided as a PR.
Optimize module
The Optimize module searches for potential places in the source code that can be optimized using more appropriate means or utilities and that are not subject to optimization by the JVM (e.g. via JIT optimizations). An example is the use of platform threads in places where virtual threads can be leveraged.
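As an added illustration (not code from the J-Beast project), the following JavaParser-based scan shows how the AST produced by the Common module can serve both the Onboard module's entrypoint discovery and the Optimize module's search for platform-thread usage that is a candidate for virtual threads. It assumes JavaParser is on the classpath and Java 16 or later; the class, record and sample source are constructed for this example.

```java
import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.Node;
import com.github.javaparser.ast.body.MethodDeclaration;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.ObjectCreationExpr;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical scanner: reports entrypoints and platform-thread creation sites in one source file. */
public class AstScanExample {

    /** One finding: the category, the source line and the matched code. */
    public record Finding(String kind, int line, String detail) {}

    public static List<Finding> scan(String javaSource) {
        CompilationUnit cu = StaticJavaParser.parse(javaSource);
        List<Finding> findings = new ArrayList<>();

        // Onboard: a public static void main(String[]) is a candidate entrypoint.
        for (MethodDeclaration m : cu.findAll(MethodDeclaration.class)) {
            if (m.isPublic() && m.isStatic() && m.getNameAsString().equals("main")
                    && m.getType().isVoidType() && m.getParameters().size() == 1) {
                findings.add(new Finding("ENTRYPOINT", line(m), m.getDeclarationAsString()));
            }
        }
        // Optimize: `new Thread(...)` and Executors.new*Pool factories create platform threads.
        for (ObjectCreationExpr e : cu.findAll(ObjectCreationExpr.class)) {
            if (e.getType().getNameAsString().equals("Thread")) {
                findings.add(new Finding("PLATFORM_THREAD", line(e), e.toString()));
            }
        }
        for (MethodCallExpr c : cu.findAll(MethodCallExpr.class)) {
            boolean executorsScope = c.getScope().map(s -> s.toString().equals("Executors")).orElse(false);
            String name = c.getNameAsString();
            if (executorsScope && name.startsWith("new") && !name.equals("newVirtualThreadPerTaskExecutor")) {
                findings.add(new Finding("PLATFORM_THREAD_POOL", line(c), c.toString()));
            }
        }
        return findings;
    }

    private static int line(Node n) {
        return n.getBegin().map(p -> p.line).orElse(-1);
    }

    public static void main(String[] args) {
        // Constructed sample input; not taken from any real repository.
        String sample = "public class App {\n"
                + "  public static void main(String[] args) {\n"
                + "    new Thread(() -> System.out.println(\"hi\")).start();\n"
                + "    var pool = java.util.concurrent.Executors.newFixedThreadPool(4);\n"
                + "  }\n}\n";
        scan(sample).forEach(f -> System.out.println(f.kind() + " @ line " + f.line() + ": " + f.detail()));
    }
}
```

The sample reports one ENTRYPOINT (line 2) and one PLATFORM_THREAD (line 3); the fully qualified `java.util.concurrent.Executors` call is not matched because the scope check compares against the simple name `Executors`, which is the kind of edge case a real scan would resolve through a symbol solver.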
Measure module
The Measure module provides the possibility to measure the performance and security of a repository deployed by the Deploy module. It depends on the Deploy module, which deploys the repository with additional instrumentation that is leveraged by the Measure module in order to extract the relevant information from the application.
In-depth explanations of each module are provided in dedicated pages of the documentation.